Method for securing access to a remote system

The present invention relates to a method for securing 
access to a system. In particular, the invention relates to
a method for securing access to data of a remote system 
using a communications apparatus. 



Because of the increasingly widespread deployment and use
of data networks, security aspects are becoming
increasingly important in various applications. These may
be applications in which secret information is transferred
between data processing devices via a data network, e.g. in
electronic payment transactions, electronic "shopping" and
the like. Most importantly, security requirements include,
apart from secure transmission of data via the network, the
identification of an authorized user. In particular, when
an authorized user wishes to access, via a publicly
accessible data network, a system and/or data stored
there and associated with it, it must be ensured by
specific arrangements that only the authorized user can
access the associated data.



For example, the data network can be an internet,
comprising a large number of computers connected with
each other to form a generally accessible network. Since in
such a network there are no secure data transmission lines,
other ways are required to secure data and to identify an
authorized user.


In general, a secure unit requests the input of a code word 
for authenticating a user, thus clearly identifying the 
user.



This process of securing access from a communications
device to a remote system is generally known. An example is
shown in figure 8. C' marks a communications device, A' an
access device and S' the system. Access from the
communications device to the system is cleared as follows:
in a first step, a code word is entered at the
communications device C'. It is then transmitted to the
access device A' where it is checked for validity. In case
the code word is determined to be valid, the access device
releases access to the system by the communications device.



A large number of such processes, identifying a subscriber
by means of such a code word, are known. However, like the
example described above, they have the disadvantage that
knowledge of the code word allows an unauthorized user
to, e.g., access data of another user or otherwise exert
unauthorized influence on the system.

It is therefore an object of the invention to provide a method
for securing access to data allowing greater security in
authenticating an authorized user wishing to access said
data.



This object of the present invention is solved by a method with
the features of claim 1. The method with the features of
claim 1 advantageously allows the secure identification of
a user, by using two individual connections between a first
and a second communications device and a determining
device, in order to transmit a first and a second code word
to the determining device for checking.

The problem of the present invention is furthermore solved
by a method with the features of patent claim 3. The method
in accordance with claim 3 permits improved security of
access to the system due to the fact that after the
transmission and checking of a first code word by the
determining device, a second code word is transmitted to
the second communications device, for input into the first
communications device and transmission from the first
communications device to the transmission device for
checking.

In an advantageous embodiment of the invention, a data
processing device can be used as one of the two
communications devices, connected to the determining device
via a data network. A telephone can be used as the second
communications device, connected to the determining device
via a telephone line.

The connections can particularly advantageously be
established via an Internet and/or via a mobile radio
network. In this connection it is possible that after
establishing the connection between the data processing
device and the determining device and after input of the
code word by depressing one or more keys on the mobile
telephone, access to the system and/or to subscriber data
stored in a data memory of the system is released. By use
of a mobile telephone allocated to a subscriber, a secure
identification of the subscriber can be carried out.

In a further advantageous embodiment of the method in
accordance with the invention, the transmission device may
generate a code word using a secret algorithm. The code
word may be transferred to one of the communications
devices for input into the other one of the two
communications devices, and for subsequent retransmission
to the access device for investigation. This allows a
further enhanced security.


In addition, one of the code words can be used to carry out 
data encoding of data transmitted between one or both of 
the communications devices and the determining device. In 
general, a code word may be derived from predetermined 
subscriber data, the date or the time. Further, the code
word may be valid for only one access procedure. 

For the implementation of the method for securing access to 
a system, advantageously an access device may be used, 
which on the one hand is connected with the system and on
the other is connected, via separate communication paths, 
with two communication devices for the transmission of code 
words and for access to the system, preferably a data 
processing unit and a telephone/mobile telephone. 


Further embodiments and advantageous modifications of the 
method become obvious with the subclaims. 

Brief description of the figures: 


Fig. 1 shows a schematic illustration of an embodiment
of the method in accordance with the invention
for securing access to a remote system;

Fig. 2 shows a flow diagram of the embodiment of the
method in accordance with the invention of Fig. 1;

Fig. 3 shows a schematic illustration of a further
embodiment of the method in accordance with the
invention;

Fig. 4 shows a flow diagram of the embodiment of the
method in accordance with the invention of Fig. 3;

Fig. 5 shows a schematic illustration of another
embodiment of the method in accordance with the
invention;

Fig. 6 shows a flow diagram of the embodiment of the
inventive method in accordance with Fig. 5;

Fig. 7 shows a block diagram of a device for carrying
out the method in accordance with the invention;
and

Fig. 8 shows a schematic illustration of a known access
procedure.



In the following, the invention is described with respect 
to the figures. 




WO 00/03316 






PCT/EP98/04249 



Fig. 1 shows a first embodiment of the method in accordance
with the invention, wherein individual process steps are
illustrated using arrows. Fig. 1 shows a first communications
device C1, a second communications device C2 as well as an
access device A and a system S, to which access is to be
obtained. Further devices, such as for example
communications lines, data transmission devices and the
like are not shown. Reference numerals S11, S12 and S13
denoting the arrows illustrate process steps which are
carried out successively in the embodiment of the method in
accordance with the invention.

Figure 2 shows a flow diagram of the embodiment shown in 
Fig. 1 to further clarify the process in accordance with
the invention for securing access to a remote system. 

In the following, steps for executing the procedure in
accordance with figures 1 and 2 will be described. At
first, the step denoted S11 is carried out. In step S11, a
first connection is established from the communications
device C1 to an access device A and, besides identifying a
user, a first code word is transmitted from the first
communications device C1 to the access device A. The first
code word is received by the access device A and it is
compared with authentication data stored in access device
A. The comparison can be a known procedure for the
verification of a transmitted code word. For example, in
access device A, a copy of the first code word could be
stored and it could be determined by comparison whether
the code word which was transmitted is the requisite code
word. It could also be determined by a mathematical
operation whether the first code word is correct, by
checking a particular relationship to the authentication
data which are stored in access device A. If the first code
word is determined as being incorrect, the execution of the
process proceeds to the end point of the flow diagram shown
in figure 2. If the first code word is found to be correct,
the process moves on to a step S12.



In step S12, a connection is established from the second
communications device C2 to access device A. A second code
word is transmitted via this connection to the access
device. This second transmitted code word is received at
the access device and is authenticated, as was already
described in step S11. The code word can be a fixed
sequence of signs which identifies the user and a code
portion which is known only to the user. But identification
of the user may also be carried out in a different way. If no
user-assigned code word has been transmitted, the process
moves on to the end point shown in the flow diagram of Fig.
2. If the second code word is determined to be correct, the
process moves on to step S13.

In step S13, access to the system S is released by the
access device A from one or both of the communications
devices C1, C2. This access to system S may be such that
data can be transferred to system S and/or data can be
retrieved from system S via one or both of the
communications devices C1, C2. In addition, it is possible
that the authorized user can trigger certain functions of
the system S via one or both of the communications devices
C1, C2. In the embodiment described, process steps are
carried out in sequence, preferably in the sequence S11 -
S13. However, modifications of this sequence or partial
steps are possible.


As in the case of a device described in more detail later
with reference to Fig. 7, in a second embodiment a data
processing unit can be used as the first communications
device C1, wherein the connection between this data
processing unit and the access device A is established via
a data processing network.

The data processing unit may be constituted by a personal
computer available on the market, which is equipped with a
suitable modem. The connection between the personal
computer and the access device A may be established via a
data network, for example the Internet. The provision of a
connection from a computer via an internet to the access
device A, which may also be constituted by a computer or a
server, optionally with special functions and features, is
well known and will not be further explained at this point.
In addition, in the second embodiment, the second
communications device C2 may be constituted by a telephone
and the connection between the telephone and the access
device A may be established via a telephone network. In
this connection, the telephone network may preferably be a
mobile radio network or a conventional fixed telephone
network and/or PSTN.

Thereby it is possible that the connections between the
first and/or second communications devices C1, C2 and the
access device A may be established via separate
communications routes independent from each other.

Furthermore, in the second embodiment, the system S to be
accessed may be a mobile radio network and/or a memory
device of the mobile radio network, in which specific
subscriber-related data are stored, but in particular a
telephone network in accordance with the GSM standard. In
case of a GSM network, the access device may advantageously
be an expansion of the HLR (home location register) which
forms a unit with a server of the worldwide web (WWW)
and/or of the Internet. In this embodiment, access to the
HLR (home location register) is advantageously controlled
by the access device A. In the HLR register,
subscriber-specific data are stored, for example for
services such as forwarding of calls or other configuration
settings which concern the subscriber. The above described
embodiment gives a subscriber secure access to the
communication network or to subscriber data associated with
him stored in the HLR register.



Therefore the user may, in a particularly convenient
way, for example alter configuration settings, activate and
deactivate certain services, and retrieve, change or
store information and data. The communication between the
user and the system, necessary for transmission of the code
words, may be carried out, inter alia, via USSD
(unstructured supplementary service data).

Access to subscriber-specific data stored in the HLR
register in this embodiment may be carried out as follows
when relying on the method in accordance with the invention
shown in figures 1 and 2.

A subscriber wishing access to the subscriber data in the
HLR register associated with him establishes a connection
between a data processing unit, which constitutes one of the
communications devices and is connected by the
internet (WWW client), and access device A. In this case,
the latter is an internet server forming a unit with an
expansion of the HLR. Authentication of the user and/or
subscriber is carried out by the transmission and validation
of the first code word in step S11, shown in figures 1 and 2,
to access device A. Here, the communication between the data
processing unit and the access device A may be performed in
accordance with a so-called TCP/IP protocol.

If the access device A determines the user as being
authorized, access device A awaits an input of a second
code word via a second communications device, in this case
the mobile telephone or a fixed network telephone (step
S12). In further embodiments, access device A may transmit
a request for an input of the second code word (step S12)
via an interface to the GSM network of the mobile telephone
or of a fixed network telephone. The input of the code word
may be carried out using a telephone keyboard by pressing a
single key, for example the call demand key, or by pressing
a sequence of keys.

After authorization of the second code word and therefore
of the subscriber at access device A, the access device
allows access to system S (step S13 in figures 1 and 2).
This may be access to subscriber-specific data stored in
the memory device of the HLR register or it may be an
activation or deactivation of certain services. After
access has been granted, one of the two communications
devices C1, C2, i.e. the data processing unit or the
telephone or both, may actually be used for accessing the
system.

By means of this procedure, for example, selective access
of a particular subscriber of a mobile radio network to
data assigned to this subscriber may be allowed.
Preferably, by this procedure, access is granted only to
subscriber-specific data and services which are assigned to a
specific subscriber. For example, in a GSM network, the
identity of the specific mobile telephone used by a
particular user is permanently known, and therefore a
fraudulent authentication of a particular subscriber may
not be performed using any other communications device.

By the input of at least one further code word via one of
the communications devices C1, C2 and by transmission of
this at least one further code word to access device A,
expanded access to the system or to subscriber data stored
in the memory device of the HLR register may be allowed.

In Fig. 3, a third embodiment of the method in accordance
with the invention for securing access to a remote system
is shown and will be described. As already shown in the first
embodiment of Fig. 1, a first communications device C1, a
second communications device C2, an access device A and a
system S are illustrated. In addition, arrows representing
individual process steps are denoted by S31 to S35. The
process steps are preferably carried out successively in
the sequence S31 to S35. However, modifications of this
sequence or of partial steps are possible.


Figure 4 shows a flow diagram of the embodiment in Fig. 3
to further outline the embodiment of the invention. 

In the following, the process steps of figures 3 and 4 will
be described in more detail. In a first step S31, a
communication is established between the first
communications device C1 and the access device A and, apart
from a user identification, a first code word is
transmitted to access device A. The access device compares
the first code word with stored authentication data. This
may be done similarly to the authentication procedure already
described with respect to example of embodiment 1. If the
code word is not recognized as correct, the process ends,
as shown in Fig. 4. Otherwise, the sequence of steps
proceeds to step S32.

In step S32, a second code word is transmitted from access
device A to the communications device C1, e.g., for
display. This second code word may be a predetermined code
word or it may be generated by access device A using a
secret algorithm. For example, the second code word may be
derived from subscriber-specific identification data and/or
the time and/or the date. Thereby it becomes possible that
this second code word or another code word generated by
access device A is only valid for one access. In addition,
the second or another code word may be used for data
encoding in a data transmission between the first or the
second communications device C1, C2 and the access device
A.

In a step S33 the second code word is transmitted from the
first communications device C1 to the second communications
device C2. This may be done by a read out operation from
the first communications device C1 and an input operation
at the second communications device C2 or by another form
of data transmission.

After input of the second code word at the second
communications device C2, in a step S34 the second code
word is transmitted to the access device A and is
authenticated there in accordance with the authentication
process which was described above. If the second code word
transmitted to the access device is determined to be
incorrect, the process moves on to END, as shown in the
flow diagram of figure 4.


If the code word is recognized as being valid, in step S35
access from one of the communications devices C1, C2 to
system S is granted, as it was described above in more
detail with reference to the first or second embodiment. In
a modification of this third embodiment, it is possible
that after transmission of a first code word from the
communications device C1 and thereafter of a second code
word from communications device C2 to access device A, a
third code word is transmitted from access device A to the
communications device C1 and from there to communications
device C2, and is then transferred by communications device
C2 to access device A for authentication.



As with respect to the second embodiment, and also with
respect to Fig. 1, in order to realize the inventive
procedure, the communications device C1 may be a data
processing unit connected with access device A via the
internet, and the communications device C2 may be a
telephone and/or a mobile telephone, connected to access
device A via a fixed telephone network and/or a mobile
radio network. As was described in the embodiment, in this
case, code words may be transmitted by the telephone by
activating a sequence of telephone keys or a separate
telephone key, such as, for example, the call connection
key.






Attention is drawn to the fact that in other examples of
embodiments, the communications device C1 may be a
telephone/mobile telephone and/or the communications
device C2 may be a data processing unit. In addition, the
second code word which is transmitted from access device A
to communications device C1 may be generated by access
device A, for example using subscriber-specific
identification data and/or the time and/or the date. Thus
it is possible that this second code word, or another code
word generated by access device A, is valid only for one
access session. Furthermore, one of the code words
transmitted may be used for data encoding in a data
transmission between the first or the second communications
devices C1, C2 and the access device A. This may improve
the security of access to the system. Preferably, the
second code word generated by access device A would be used
for such data encoding.



By inputting at least one further code word via one of
the communications devices C1, C2 and by transmission of
this at least one further code word to access device A,
expanded access to the system or to other data stored in
the memory device of the system may be released.



Figure 5 describes a further embodiment for a realization
of the method in accordance with the invention for secure
access to a remote system. As has already been described
with respect to the embodiments 1 and 3, Fig. 5
schematically illustrates a first communications device C1,
a second communications device C2, an access device A and a
system S. To further outline the procedure and its
realization, process steps S51 to S55 are denoted by arrows.
Figure 6 shows a flow diagram for further explaining the
drawing shown in Fig. 5.



Below the realization of the method in accordance with the 
invention for secure access by a user to the remote system 
S is described with regard to figures 5 and 6. 



In process step S51, as in steps S11 and S31, a first
connection is established between a first communications
device C1 and an access device A, and, apart from a user
identification, a first code word is transmitted from the
first communications device C1 to access device A where it
is authenticated. If the transmitted code word is found to
be invalid, the process moves on to the end point of the
flow diagram shown in Fig. 6. If the code word is found to
be valid, the process moves on to step S52.

In step S52, by access device A a second code word is 
generated, for example by means of a secret algorithm, as 
was already described with respect to the third embodiment, 
or a predetermined value is transmitted as the second code 
word to the second communications device C2. 



In a subsequent step S53, the second code word is
transmitted from the second communications device C2 to the
first communications device C1. For this purpose the second
communications device C2 may display the second code word
for an input into the first communications device C1, or it
may be transmitted in another way from the second
communications device C2 to the first communications device
C1.



In a further step S54, the second code word is transmitted
from the first communications device C1 to access device A
and is checked there for correctness, as described above.
If the code word transmitted in step S54 is determined to
be invalid, the process moves on to the end point of the
flow diagram shown in Fig. 6.

If the second code word transmitted in step S54 is found
to be valid, in step S55 data access or access to functions
of the system is released by access device A. This access
to data or to functions of the system may be carried out,
as described above, by one of the communications devices
C1, C2.
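
The sequence of steps S51 to S55 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the 120-second validity window and the use of HMAC-SHA256 as the "secret algorithm" are assumptions, and the subscriber and code words are constructed sample values. Swapping which device receives and which device returns the second code word gives the third embodiment (S31 to S35).

```python
import hashlib
import hmac
import time

CODE_TTL_SECONDS = 120  # assumed validity window for the second code word


class AccessDevice:
    """Access device A: checks code word 1, issues and checks code word 2."""

    def __init__(self, secret, first_code_words, send_to_c2, clock=time.time):
        self._secret = secret            # key for the assumed secret algorithm
        self._first = first_code_words   # subscriber id -> stored first code word
        self._send_to_c2 = send_to_c2    # callable(subscriber, code): second route
        self._clock = clock
        self._pending = {}               # subscriber id -> (code, expiry time)
        self._counter = 0

    def _derive(self, subscriber, now):
        # Code word derived from subscriber data and the time; the counter
        # makes two requests in the same second yield different inputs.
        self._counter += 1
        msg = f"{subscriber}|{int(now)}|{self._counter}".encode()
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def step_s51_s52(self, subscriber, first_code_word):
        """S51: check the first code word from C1. S52: send code word 2 to C2."""
        expected = self._first.get(subscriber)
        if expected is None or not hmac.compare_digest(
                expected.encode(), first_code_word.encode()):
            return False                 # flow diagram: END
        now = self._clock()
        code = self._derive(subscriber, now)
        self._pending[subscriber] = (code, now + CODE_TTL_SECONDS)
        self._send_to_c2(subscriber, code)   # never returned on the C1 route
        return True

    def step_s54_s55(self, subscriber, second_code_word):
        """S54: check code word 2 arriving from C1. S55: release access."""
        # pop() makes the code word valid for one attempt only, so a replay
        # or a wrong guess leaves nothing behind to try again.
        entry = self._pending.pop(subscriber, None)
        if entry is None:
            return False
        code, expiry = entry
        if self._clock() > expiry:
            return False
        return hmac.compare_digest(code.encode(), second_code_word.encode())


def demo():
    """Constructed run: subscriber id, code words and clock are sample values."""
    phone = {}                           # what the telephone C2 receives
    now = [1_000_000.0]
    a = AccessDevice(b"constructed-demo-key", {"sub-0001": "first-secret"},
                     send_to_c2=phone.__setitem__, clock=lambda: now[0])
    r = {}
    r["wrong_first"] = a.step_s51_s52("sub-0001", "guess")
    r["first_ok"] = a.step_s51_s52("sub-0001", "first-secret")
    code = phone["sub-0001"]             # S53: user reads C2, types into C1
    r["second_ok"] = a.step_s54_s55("sub-0001", code)
    r["replay"] = a.step_s54_s55("sub-0001", code)
    # A fresh code word that is presented after the validity window.
    a.step_s51_s52("sub-0001", "first-secret")
    now[0] += CODE_TTL_SECONDS + 1
    r["expired"] = a.step_s54_s55("sub-0001", phone["sub-0001"])
    # First code word known, telephone not available: a guess fails and
    # also invalidates the pending code word.
    a.step_s51_s52("sub-0001", "first-secret")
    guess = "000000" if phone["sub-0001"] != "000000" else "000001"
    r["wrong_second"] = a.step_s54_s55("sub-0001", guess)
    r["after_wrong"] = a.step_s54_s55("sub-0001", phone["sub-0001"])
    return r


if __name__ == "__main__":
    print(demo())
```
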

As in the examples of embodiments described above, the
connections between the first communication device C1
and/or the second communications device C2 and the access
device A may be established via separate communications
routes independent from each other. Furthermore, as it was
described with respect to the example of embodiment 2, the
first communications device C1 may be a data processing
unit and the connection between access device A and the
data processing unit may be established via a data
processing device network. Preferably, a data processing
unit is selected as the first communications device C1 and
a mobile telephone as the second communications device.

In this fourth embodiment, the second code word transmitted
to communications device C1 in step S52 may be computed
using subscriber-specific data and/or a date and/or a time
and, in certain cases, it may be valid only for a single
access session. In addition, the communications device C2
may be a telephone or a mobile telephone, and the
connection between communications device C2 and access
device A may be established via a fixed telephone network
and/or via a mobile telephone network. Attention is drawn
to the fact that the communications device C1 may also be a
telephone or a mobile telephone, and communications device
C2 may be a data processing unit.

The transmission of the code words may be carried out as
was already described in the second embodiment. The grant
of access to system S may be such that a subscriber can
access subscriber data allocated to him, change or store
them, or the subscriber may be allowed to activate or
deactivate certain services. The subscriber data are
preferably stored in a home location register (HLR). Should
a mobile telephone be used as the communications device,
access to subscriber data may advantageously be restricted
to subscriber data allocated to a subscriber, to whom the
used mobile telephone is allocated.

In addition, one of the transmitted code words may be used
for data encoding in data transmission between the first or
second communications devices C1, C2 and access device A.
Moreover, after release of data access by the access device
A at least one further code word may be transmitted from
one of the communications devices C1, C2 to access device
A, in order to release expanded access to the system or to
other data which are stored in the memory device.

Figure 7 shows an embodiment of a device for carrying out
the method in accordance with the invention. The figure
shows an access device marked A to control access by a user
to a remote system.

The double arrow shown between access device A and system S 
marks a data connection existing between these two devices. 
In the case of a GSM system, the access device and the 
system may communicate with each other within the framework
of the MAP (mobile application part) protocol. 

E1 shows a mobile telephone. An arrow connects it with access
device A, denoting, e.g., a mobile radio network. In
addition, Fig. 7 shows a data processing unit E2. A double
arrow connects it with access device A, denoting any data
connection. E.g., this data connection may be an internet
and communication may be carried out in accordance with the
TCP/IP protocol.






In accordance with a process shown in connection with the
examples of embodiments 1 to 4 for the authentication of a
user, in the case of correct input of the code words, the
access device releases access to the system. Access to
system S can then be obtained by the mobile telephone E1
and/or the data processing unit E2 via the respective
connections to the access device. In the embodiment, supported
by a graphic display of the data processing unit E2, the
subscriber-specific user profile in an HLR of a memory
device of a mobile radio network, for example a GSM
network, may be stored, retrieved or changed. It is
furthermore conceivable that other functions of system S
may be controlled by one of the data processing devices G.
In addition, by the input of further code words, after
connection has been established between the devices E1, E2,
access to further functions of system S or to other
subscriber-specific data in the subscriber register HLR may
be enabled.

1. A method for secure user access to a separate system
(S) having data stored in a memory device, comprising
the following steps:

establishing a first connection between a first
communications device (C1) and an access device (A)
and transmission of a first code word from the first
communications device (C1) to the access device (A);

comparing the first code word with first
authentication data stored in the access device (A);

establishing a second connection between a second
communications device (C2) and the access device (A),
and transmitting a second code word from the second
communications device (C2) to the access device (A);

comparing the second code word with second
authentication data stored in access device (A); and

granting access to the system (S) via at least one of the
communications devices (C1, C2), given the presence of
a predetermined relationship between the first and
second code words and the second authentication data
stored in access device (A).



2. Method in accordance with claim 1, characterized by
the steps:

transmitting the second or a third code word from
access device (A) to the first communications device
(C1);

transmitting the second or third code word from the
first communications device (C1) to the second
communications device (C2); and

transmitting the second or third code word from the
second communications device (C2) to the access device
(A), for validating the code word before access to the
data is granted.

3. A method for secure user access to a separate system
(S) having data stored in a memory device, comprising
the steps below:

establishing a first connection between a first
communications device (C1) and an access device (A)
and transmission of a first code word from the first
communications device (C1) to access device (A);

comparing the first code word with first
authentication data stored in the access device (A);

given the presence of a predetermined relationship
between the first code word and the authentication
data stored in the access device (A), establishing a
second connection between the access device (A) and a
second communications device (C2) and transmitting a
second code word from access device (A) to the second
communications device (C2);

transmitting the second code word from the second
communications device (C2) to the first communications
device (C1);

transmitting the second code word from the first
communications device (C1) to access device (A);

comparing the second code word with second
authentication data stored in access device (A); and

granting access to the system (S) with at least one of
the communication devices (C1, C2), given the presence
of a predetermined relationship between the second
code word and the second authentication data stored in
the access device (A).



4. Method in accordance with one of the preceding claims,
characterized by establishing the first and second
connection via communications routes independent from
each other.



5. Method in accordance with one of the preceding claims,
characterized in that at least the first
communications device (C1) is constituted by a data
processing unit and the connection between the data
processing unit and the access device (A) is
established via a data processing device network.



6. Method in accordance with claim 5, characterized in
that an internet is used for the connection between
access device (A) and the data processing unit.

7. Method in accordance with one of the preceding claims,
characterized in that a telephone is used as one of
the communications devices (C1, C2) and the connection
between the telephone and access device (A) is
established via a telephone network.

8. Method in accordance with claim 7, characterized in
that a mobile telephone is used as communications
device (C1, C2).



9. Method in accordance with claims 7 or 8, characterized 
in that the first or second code word is transmitted 
by pressing a call demand key. 

10. Method in accordance with one of claims 7 to 9, 
characterized in that the system (S) is a GSM network 
and the memory device is a home location register 
storing subscriber-specific data. 

11. Method in accordance with one of the preceding claims, 
characterized in that at least one of the code words 
is generated by access device (A) and is valid only 
for one access session. 



12. Method in accordance with claim 11, characterized in 
that at least one of the code words is generated using 
a subscriber identification and at least one of time 
and date. 

13. Method in accordance with one of the preceding claims,
characterized in that one of the code words is used
for data encoding in a data transmission between the
access device (A) and at least one of the first and
second communications devices (C1, C2).

14. Method in accordance with one of the preceding claims,
characterized in that after the release of data access
via one of the communications devices (C1, C2), at
least one further code word is transmitted to access
device (A) to release expanded access to the system or
to other data which are stored in the memory device.

15. A device for carrying out the method in accordance
with one of the preceding claims, comprising

an access device (A) connected to the system (S);

a data processing unit connectable to the access
device (A) via a data processing device network; and

a fixed network telephone or a mobile telephone
connectable to the access device (A) via a fixed
network and/or a mobile radio network.